def test_permission_edit(request, product_features, action):
"""
Ensures that changes in permissions are enforced on next login
"""
product_features = version.pick(product_features)
request.addfinalizer(login.login_admin)
role_name = fauxfactory.gen_alphanumeric()
role = Role(name=role_name,
vm_restriction=None,
product_features=[(['Everything'], False)] + # role_features
[(k, True) for k in product_features])
role.create()
group = new_group(role=role.name)
group.create()
user = new_user(group=group)
user.create()
with user:
try:
action()
except Exception:
pytest.fail('Incorrect permissions set')
login.login_admin()
role.update({'product_features': [(['Everything'], True)] +
[(k, False) for k in product_features]
})
with user:
try:
with error.expected(Exception):
action()
except error.UnexpectedSuccessException:
pytest.Fails('Permissions have not been updated')
def test_delete_default_roles():
flash_msg = version.pick({
'5.6': ("Role \"{}\": Error during delete: Cannot delete record "
"because of dependent entitlements"),
'5.5': ("Role \"{}\": Error during \'destroy\': Cannot delete record "
"because of dependent miq_groups")})
role = Role(name='EvmRole-approver')
with error.expected(flash_msg.format(role.name)):
role.delete()
def test_delete_default_roles():
flash_msg = version.pick({
'5.6': ("Role \"{}\": Error during delete: Cannot delete record "
"because of dependent entitlements"),
'5.5': ("Role \"{}\": Error during \'destroy\': Cannot delete record "
"because of dependent miq_groups")})
role = Role(name='EvmRole-approver')
with error.expected(flash_msg.format(role.name)):
role.delete()
def role():
"""
Returns role object used in test module
"""
role = Role(
name='role{}'.format(fauxfactory.gen_alphanumeric()),
vm_restriction='None')
role.create()
yield role
role.delete()
def test_delete_default_roles():
flash_msg = version.pick(
{
"5.6": ('Role "{}": Error during delete: Cannot delete record ' "because of dependent entitlements"),
"5.5": ("Role \"{}\": Error during 'destroy': Cannot delete record " "because of dependent miq_groups"),
}
)
role = Role(name="EvmRole-approver")
with error.expected(flash_msg.format(role.name)):
role.delete()
def test_delete_default_roles():
"""Test that CFME prevents a user from deleting a default role
when selecting it from the Access Control EVM Role checklist
Steps:
* Login as Administrator user
* Navigate to Configuration -> Role
* Try editing the group EvmRole-approver
"""
role = Role(name='EvmRole-approver')
with pytest.raises(RBACOperationBlocked):
role.delete()
def test_edit_default_roles():
"""Test that CFME prevents a user from editing a default role
when selecting it from the Access Control EVM Role checklist
Steps:
* Login as Administrator user
* Navigate to Configuration -> Role
* Try editing the group EvmRole-auditor
"""
role = Role(name='EvmRole-auditor')
newrole_name = "{}-{}".format(role.name, fauxfactory.gen_alphanumeric())
role_updates = {'name': newrole_name}
with pytest.raises(RBACOperationBlocked):
role.update(role_updates)
def _mk_role(name=None, vm_restriction=None, product_features=None):
"""Create a thunk that returns a Role object to be used for perm
testing. name=None will generate a random name
"""
name = name or fauxfactory.gen_alphanumeric()
return lambda: Role(name=name,
vm_restriction=vm_restriction,
product_features=product_features)
def test_permission_edit(appliance, request, product_features, action):
"""
Ensures that changes in permissions are enforced on next login
"""
product_features = version.pick(product_features)
request.addfinalizer(appliance.server.login_admin())
role_name = fauxfactory.gen_alphanumeric()
role = Role(
name=role_name,
vm_restriction=None,
product_features=[(['Everything'], False)] + # role_features
[(k, True) for k in product_features])
role.create()
group = new_group(role=role.name)
group.create()
user = new_user(group=group)
user.create()
with user:
try:
action()
except Exception:
pytest.fail('Incorrect permissions set')
appliance.server.login_admin()
role.update({
'product_features':
[(['Everything'], True)] + [(k, False) for k in product_features]
})
with user:
try:
with error.expected(Exception):
action()
except error.UnexpectedSuccessException:
pytest.Fails('Permissions have not been updated')
def role():
"""
Returns role object used in test module
"""
role = Role(name='role{}'.format(fauxfactory.gen_alphanumeric()),
vm_restriction='None')
role.create()
yield role
role.delete()
def test_permission_edit(appliance, request, product_features, action):
"""
Ensures that changes in permissions are enforced on next login
Args:
appliance: cfme appliance fixture
request: pytest request fixture
product_features: product features to set for test role
action: reference to a function to execute under the test user context
"""
product_features = version.pick(product_features)
request.addfinalizer(appliance.server.login_admin)
role_name = fauxfactory.gen_alphanumeric()
role = Role(name=role_name,
vm_restriction=None,
product_features=[(['Everything'], False)] + # role_features
[(k, True) for k in product_features])
role.create()
group_description = 'grp{}'.format(fauxfactory.gen_alphanumeric())
group = group_collection(appliance).create(description=group_description, role=role.name)
user = new_user(group=group)
user.create()
with user:
try:
action()
except Exception:
pytest.fail('Incorrect permissions set')
appliance.server.login_admin()
role.update({'product_features': [(['Everything'], True)] +
[(k, False) for k in product_features]
})
with user:
try:
with error.expected(Exception):
action()
except error.UnexpectedSuccessException:
pytest.Fails('Permissions have not been updated')
def test_permission_edit(appliance, request, product_features, action):
"""
Ensures that changes in permissions are enforced on next login
Args:
appliance: cfme appliance fixture
request: pytest request fixture
product_features: product features to set for test role
action: reference to a function to execute under the test user context
"""
product_features = version.pick(product_features)
request.addfinalizer(appliance.server.login_admin)
role_name = fauxfactory.gen_alphanumeric()
role = Role(
name=role_name,
vm_restriction=None,
product_features=[(['Everything'], False)] + # role_features
[(k, True) for k in product_features])
role.create()
group_description = 'grp{}'.format(fauxfactory.gen_alphanumeric())
group = group_collection(appliance).create(description=group_description,
role=role.name)
user = new_user(group=group)
user.create()
with user:
try:
action()
except Exception:
pytest.fail('Incorrect permissions set')
appliance.server.login_admin()
role.update({
'product_features':
[(['Everything'], True)] + [(k, False) for k in product_features]
})
with user:
try:
with error.expected(Exception):
action()
except error.UnexpectedSuccessException:
pytest.Fails('Permissions have not been updated')
def new_role():
return Role(
name='rol{}'.format(fauxfactory.gen_alphanumeric()),
vm_restriction='None')
def test_rolename_required_error_validation():
role = Role(
name=None,
vm_restriction='Only User Owned')
with error.expected("Name can't be blank"):
role.create()
def new_role():
return Role(
name='rol' + fauxfactory.gen_alphanumeric(),
vm_restriction='None')
def test_edit_default_roles():
role = Role(name='EvmRole-auditor')
navigate_to(role, 'Edit')
flash.assert_message_match(
"Read Only Role \"{}\" can not be edited".format(role.name))
